Snort mailing list archives
Snort Restarter and Crash Logger (was Re: Re: Log file problem)
From: Dragos Ruiu <dr () kyx net>
Date: Mon, 6 Aug 2001 12:27:54 -0700
I too find daemontools a bit of overkill for this problem. Here is a little shell script excerpt that you can run from crontab once a minute or once every couple of minutes to restart dead snorts and it will also log crashes so you know about them: #!/bin/sh $i = "snort.conf" for $IFACE in fxp0 fxp1 do if [ -f /var/run/snort_$IFACE.pid ]; then if ! ps -p `cat /var/run/snort_$IFACE.pid` > /dev/null ; then echo `date` snorthup: removing bogus pidfile >>/var/log/messages echo `date` snorthup: restarting absentee snort on $IFACE with conf file $i >>/var/log/messages rm -f /var/run/snort_$IFACE.pid /usr/local/bin/snort -D -c $i -i $IFACE fi; else echo `date` snorthup: restarting snort on $IFACE with conf file $i >>/var/log/messages /usr/local/bin/snort -D -c $i -i $IFACE fi done On Sun, 05 Aug 2001, Ralf Hildebrandt wrote:
It's just THE tool for snort. Without it, I couldn't keep my snort box up & running ...Looks like a bit of an overkill for me, but thanks.The problem with snort is that you cannot rely on it being "up" all the time. It happened all too often that it crashed in the middle of the night, leaving the snort sensor down until the next morning. Now, with daemontools, no manual intervention is needed. If snort crashes, it's back up the next second. -- ralf.hildebrandt () innominate com innominate AG Technical Consultant Don't be afraid of what you see - Diplom-Informatiker be afraid of what you don't see! tel: +49.(0)7000.POSTFIX fax: +49.(0)30.308806-77 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Dragos Ruiu <dr () dursec com> dursec.com ltd. / kyx.net - we're from the future gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Log file problem Ush (Aug 04)
- Re: Log file problem Ralf Hildebrandt (Aug 05)
- Re: Log file problem Ush (Aug 05)
- Re: Re: Log file problem Jörgen Persson (Aug 05)
- Re: Re: Log file problem Ralf Hildebrandt (Aug 05)
- Re: Log file problem Ush (Aug 05)
- Re: Re: Log file problem Ralf Hildebrandt (Aug 05)
- Re: Log file problem Ush (Aug 05)
- Snort Restarter and Crash Logger (was Re: Re: Log file problem) Dragos Ruiu (Aug 06)
- Re: Snort Restarter and Crash Logger (was Re: Re: Log file problem) Kyle R Maxwell (Aug 07)
- Re: Snort Restarter and Crash Logger (was Re: Re: Log file problem) Dragos Ruiu (Aug 07)
- Re: Log file problem Ush (Aug 05)
- Re: Log file problem Ralf Hildebrandt (Aug 05)
- Re: Re: Log file problem Jörgen Persson (Aug 05)
- Re: Log file problem Ush (Aug 05)
- <Possible follow-ups>
- Re: Re: Log file problem Rob Whelan (Aug 05)
- Re: Log file problem Ush (Aug 05)